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DETAILED ACTION 

1 . Claims 1-35 have been examined. 

Continued Examination Under 37 CFR 1.114 

2. A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1 .17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.1 14, and the fee set forth in 37 CFR 1.17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.1 14. Applicant's submission filed on 12/10/08 has been entered. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) llic invcnlion was described in (1) an application for patent, published under section 122(b), by another filed 
in the Unilcd Slates before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 35 1(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the Enghsh language. 

4. Claims 1-35 are rejected under 35 U.S.C. 102(e) as being anticipated by Wexler et al. 
U.S. Pub. No. 20030229809 (hereinafter Wexler). 

5. As per claim 1, Wexler discloses a security system for use in conjunction with data 
flowing fi-om a first device to a second device being directed to said second device in accordance 
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with a network address of said second device, said system comprising: a security device 
connected between said first and second devices (Wexler: [0009]: proxy server), said security 
device accepting packet data for bridging to said second device (Wexler: [0009]: handles 
packets), said security device operable for observing data flowing from said first device to said 
second device, said security device not itself having a network address or a physical address 
(Wexler: [0010]-[001 1]: the proxy server does not have an IP address. . . proxy server changes 
contents of some of the packets it forwards; [0048]: optionally the network devices are not aware 
of the presence of the proxy server in layer-2/MAC), and configured to be inserted between said 
first and said second device while a network connection is active (Wexler: [0009] lines 10-12: 
the transparent proxy server eliminates the need to configure network elements). 

6. As per claim 2, Wexler discloses the system of claim 1 . Wexler fiirther discloses wherein 
said first device could be any device on the unsecured side of said security device, each said first 
device having a unique network address (Wexler: [0038]: source IP address), and wherein said 
second device could be any device on the secured side of said security device (Wexler: [0047] 
and figure 1 : proxy protects local area network), each said second device having a unique 
network address (Wexler: [0038]: destination IP address). 

7. As per claim 3, Wexler discloses the system of claim 2. Wexler further discloses wherein 
said security device maintains a list of addresses for which it has security responsibility and 
wherein said security device only observes those data packets containing the network addresses 
maintained in said list (Wexler: [0056]). 
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8. As per claim 4, Wexler discloses the system of claim 3. Wexler further discloses wherein 
said list includes addresses of both said first devices and said second devices (Wexler: [0056]: 
store IP addresses for security verification; [0062]: manages a list of expected packets; [0072]- 
[0073]: the tables include source and destination IP addresses). 

9. As per claim 5, Wexler discloses the system of claim 1 . Wexler further discloses wherein 
said observing comprises: a monitoring system for gathering information pertaining to the 
operation of said second device (Wexler: [0072]: inbound and outbound reception table and 
transmission table); and a mechanism for modifying the flow of data into said security system 
depending upon said gathered information (Wexler: [0023]: modifying some fields of the 
packets). 

10. As per claim 6, Wexler discloses the system of claim 5. Wexler further discloses wherein 
said gathered information is selected fi-om the list containing: number of arriving packets in a 
particular time interval; the type of requests contained within given packets; the nature of the 

informational content of the packets; the sending identity of the packets; the destination of the 
packets; the traffic patterns formed by packets from specific sources; the number of arriving 
packets from specific sources; the correctness of the packets; certain data contained in one or 
more messages; and the type of file attached to a message (Wexler: [0072] -[0073]: storing 
information pertaining to operation of the proxy server; [0060]: functions of the proxy server). 
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11. As per claim 7, Wexler discloses the system of claim 5. Wexler further discloses wherein 
said flow modifying mechanism operates to compare said gathered information with certain pre- 
established criteria and to set limits (Wexler: [0072] -[0073]: the tables are created for allowing 
communication between source and destination; [0104]: the table entry is erased upon time-out), 

and wherein said operational characteristics of said mechanism is modified in accordance with 
said set limits (Wexler: [0104]: when the entry is erased, session is closed). 

12. As per claim 8, Wexler discloses a security device for use in a packet data network where 
packets are delivered from a sending location to a destination location based upon one or more 
destination network addresses associated with each packet (Wexler: [0009]: proxy server), said 
security device comprising: at least one NIC card for receiving data packets (Wexler: [0047]: 
inbound and outbound ports); a database for maintaining a hst of destination network addresses 
to be secured by said device (Wexler: [0056]: proxy is configured with IP addresses of the 
entities in the local network); wherein said at least one NIC card is connected to said network at 
any point between a sending location and one or more destination locations (Wexler: [0047]: the 
inboimd and outbound ports are connected to external router for Internet and edge router for 
local network), said NIC card maintained in promiscuous mode such that said security device 
can observe all data directed to any destination addresses maintained from time to time in said 
list (Wexler: [0056]: the proxy server operates in Promiscuous mode); wherein said security 
device is connected to said network without establishing a network address or a physical address 
for said security device (Wexler: [0009]: the proxy server is intercepts packets that is not 
directed to the proxy server; [0010]: the proxy server does not have an IP address; [0048]: 
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optionally the network devices are not aware of the presence of the proxy server in layer- 
2/MAC); and wherein said security device can be moved from location to location on said 
network without changing any network settings (Wexler: [0009]: the transparent proxy server 
eliminates the need to configure network elements with the identity of the proxy server). 

13. As per claim 1 1 , Wexler discloses the device of claim 8. Wexler further discloses the 
method comprises a plurality of NIC cards all operating in said promiscuous mode (Wexler: 
[0056]: all packets are processed under Promiscuous mode). 

14. As per claim 12, Wexler discloses the device of claim 1 1 . Wexler further discloses 
wherein said security device has a zero network footprint while said NIC cards are in said 
promiscuous mode (Wexler: [0048]: the edge router and extemal router are not aware in layer 2 
and layer 3 of the presence of proxy server). 

15. As per claim 13, Wexler discloses the device of claim 12. Wexler fiirther discloses 
wherein all of said NIC cards share the same destination list (Wexler: [0047]: inbound and 
outbound ports can transmit and receive data; [0068]: incoming and outgoing packets are 
verified according to destination IP address). 

16. As per claim 14, Wexler discloses the device of claim 8. Wexler further discloses 
wherein said observing comprises: monitoring system for gathering information pertaining to the 
operation of said second device (Wexler: [0072]: inbound and outbound reception table and 



Application/Control Number: 1 0/687,4 1 3 Page 7 

Art Unit: 2431 

transmission table); and mechanism for modifying the flow of data into said security system 
depending upon said gathered information (Wexler: [0023]: modifying some fields of the 
packets). 

17. As per claim 15, Wexler discloses the device of claim 14. Wexler further discloses 
wherein said gathered information is selected from the list containing: number of arriving 
packets in a particular time interval; the type of requests contained within given packets; the 
nature of the informational content of the packets; the sending identity of the packets; the 
destination of the packets; the traffic patterns formed by packets from specific sources; the 
number of arriving packets fi-om specific sources; the correctness of the packets; certain data 
contained in one or more messages; and the type of file attached to a message (Wexler: [0072]- 
[0073]: storing information pertaining to operation of the proxy server; [0060]: fiinctions of the 
proxy server). 

18. As per claim 16, Wexler discloses the device of claim 15. Wexler fiirther discloses 
wherein said flow modifying mechanism operates to compare said gathered information with 
certain pre-established criteria and to set limits (Wexler: [0072]-[0073]: the tables are created for 
allowing communication between source and destination; [0104]: the table entry is erased upon 
time-out), and wherein said operational characteristics of said mechanism is modified in 
accordance with said set limits (Wexler: [0104]: when the entry is erased, session is closed). 
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19. As per claim 17, Wexler discloses a method for monitoring data packets arriving at a 
destination device, said data packets including a network address said packets traveling on a 
network defined in accordance with said network addresses (Wexler: [0009]: proxy server 
intercepts packets directed to destination IP addresses), said method comprising the steps of: 
inserting a security device into said network at a particular location between a sending device 
and a destination device (Wexler: [0047]: the proxy server is located between source and 
destination device); and establishing within said security device the network addresses of said 
destination device (Wexler: [0056]: proxy server is configured with IP addresses of the entities 
of local network). 

20. As per claim 18, Wexler discloses the method of claim 17. Wexler fiirther discloses 
wherein said destination device is a plurality of devices and wherein said establishing step 
comprises: establishing all of said plurality of destination devices within said security device 
(Wexler: [0056]: configiire IP addresses of entities of local network). 

21 . As per claim 19, Wexler discloses the method of claim 18. Wexler fiirther discloses 

wherein at least one of said destination devices is on a public side of said security device so as to 
monitor data packets egressing from a private side of security device (Wexler: [0068]: monitor 
packets received from inbound port toward outbound is monitored). 
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22. As per claim 20, Wexler discloses the method of claim 17. Wexler further discloses the 
step of setting said security device to operate in the promiscuous mode (Wexler: [0056]: proxy 
server operates in Promiscuous mode). 

23. As per claim 21, Wexler discloses the method of claim 20. Wexler further discloses the 
step of modifying the delivery of data to said destination based upon the content of information 
in arriving data packets (Wexler: [0060]: well known functions of proxy server). 

24. As per claim 22, Wexler discloses the method of claim 17. Wexler further discloses 
wherein said security device does not have a network location address (Wexler: [0010]: proxy 
server does not have IP address; [0048]: the external and internal network is not aware of the 
proxy server in layer 2 and layer 3). 

25. As per claim 23, Wexler discloses the method of claim 22. Wexler further discloses the 
steps of blocking certain data packets from reaching said destination device (Wexler: [0060]: 
proxy server functions; blocking all packets from reaching said destination device (Wexler: 
[0060]: redirection) ; load balancing between devices (Wexler: [0060]: load balancing); 
modifying the informational content of certain ones of said packets (Wexler: [0060]: correctness 
check. . .change portions of the packets); unblocking certain hitherto blocked packets, on the 
basis of certain parameters (Wexler: [0060]: access control); and modifying the informational 
content of certain ones of said packets (Wexler: [0060]: change content). 
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26. As per claim 24, Wexler discloses the method of claim 17. Wexler further discloses the 
steps of: monitoring data packets leaving said destination device (Wexler: [0068]: bi-directional 
monitoring); and selectively modifying the operational characteristics of any network traveled by 
said data packets based upon the content of said leaving packets (Wexler: [0060]: proxy server 
functions. . .change portions of the packets). 

27. As per claim 25, Wexler discloses the method of claim 17. Wexler further discloses 
wherein said inserting step can be accomphshed without changing network configuration settings 
(Wexler: [0009]: the transparent proxy server eliminates the need to configure network elements 
with the identity of the proxy server). 

28. As per claim 26, Wexler discloses the method of claim 17. Wexler further discloses 
wherein said inserting step can be performed while said network is operating (Wexler: [0009]: no 
need to change settings). 

29. As per claim 27, Wexler discloses the method of claim 17. Wexler further discloses the 
step of: removing said security device form said particular location while said network is 
operating (Wexler: [0016]: the transparency module is located on the switch). 

30. As per claim 28, Wexler discloses a security device for connection in a data network 
ahead of a plurality of data destinations to be protected, each said destination identifiable by a 
unique network address (Wexler: [0056]: protect entities in local network), said security device 



Application/Control Number: 1 0/687,4 1 3 Page 1 1 

Art Unit: 2431 

comprising: means for accepting data packets from said network without said data packets being 
addressed to said security device (Wexler: [0009]: intercepts packets directed to destination IP 
addresses); and means for passing accepted data packets to particular ones of said data 
destinations in accordance with destination addresses of said destinations to be detected and 
maintained for said security device (Wexler: [0048]: forwards packets to same IP addresses as 
they are received). 

31. As per claim 29, Wexler discloses the device of claim 28. Wexler further discloses 
wherein said maintained destination addresses are stored in a database internal to said security 
device (Wexler: [0056]: store the IP addresses into the proxy server). 

32. As per claim 30, Wexler discloses the device of claim 28. Wexler further discloses 
wherein said accepting means comprises: at least one network termination operating in a 
promiscuous mode (Wexler: [0056]). 

33 . As per claim 3 1 , Wexler discloses a method of operating a security device connected to a 
data network ahead of a plurality of data destinations to be protected, each said destination 
identifiable by a unique network address (Wexler: [0056]: protect entities in local network), said 
data network having a plurality of nodes (Wexler: [0056]), said method comprising the steps of: 
accepting data packets from said network without said data packets being addressed to said 
security device (Wexler: [0009]: intercepts packets directed to destination IP addresses); and 
passing accepted data packets to particular ones of said data destinations in accordance with 
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destination addresses of said destinations to be detected and maintained for said security device 
(Wexler: [0048]: forwards packets to same IP addresses as they are received). 

34. As per claim 32, Wexler discloses the method of claim 3 1 . Wexler further discloses the 
method comprises real time review of certain parameters pertaining to data flowing between 
nodes of said network (Wexler: [0056]: all packets are passed to processor of proxy server); 
means for comparing said monitored parameters against stored criteria (Wexler: [0060]: well 
known functions of proxy server); and means for feeding data traffic affecting signals to one or 
more of said nodes under at least partial control of said comparing means (Wexler: [0060]: 
changing portions of the packets including traffic redirection). 

35. As per claim 33, Wexler discloses the method of claim 32. Wexler further discloses 
wherein said stored criteria are dynamically changeable (Wexler: [0104]: each entry has time-out 
field which is periodically decremented). 

36. As per claim 34, Wexler discloses the method of claim 32. Wexler further discloses the 
method comprises the step of: storing certain of said monitored parameters for a period of time, 
at least some of said stored parameters being useful in determining at least a portion of the 
communication history of said monitored data (Wexler: [0079]: timestamp; [0103]: time-out 
field). 
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37. As per claim 35, Wexler discloses the method of claim 32. Wexler further discloses 
wherein at least one of said nodes to which data traffic attaches signals is a gateway node to said 
destination to be protected (Wexler: [0072]-[0073]: maintain tables to record IP addresses of 
inbound and outbound messages). 



Response to Arguments 
38. Applicant's arguments filed on 12/10/08 have been fiiUy considered but they are not 
persuasive. 

Regarding applicant's remarks, applicant argues that the prior art of record does not 
discloses that the proxy server does not have physical address. However, the examiner disagrees. 
Wexler discloses that optionally the proxy server is capable of forwarding layer-2 packets 
without the network device being aware of the presence of the proxy server (Wexler: [0048]: 
optionally the network devices are not aware of the presence of the proxy server in layer- 
2/MAC). 

On the other hand, apphcant argues that the Wexler reference does not disclose wherein 
the security device is configured to be inserted between said first and said second device while a 
network connection is active. However, Wexler discloses the a transparent proxy server that 
eliminates the need to configure network elements and it functions without configuration 
(Wexler: [0009]). One with ordinary skill in the art understands that configuration causes 
network to be temporarily deactivated and by providing a transparent proxy server that 
eliminates configuration need, network can continue to fiinction without interruption. Therefore, 
applicant's argument is traversed. 
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Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to SHIN-HON CHEN whose telephone number is (571)272-3789. 
The examiner can normally be reached on Monday through Friday 8:30am to 5:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Shin-Hon Chen 
Examiner 
Art Unit 2431 

/Shin-Hon Chen/ 
Examiner, Art Unit 243 1 



